52ec194043a7fe89941369ffc127acdb67cb09deffba7fff5442ce337458010d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52ec194043a7fe89941369ffc127acdb67cb09deffba7fff5442ce337458010d
Size

748KB
Sample

230424-1ahvjaef62
MD5

fb5caff7470e5da72c3c5d270a4e5b98
SHA1

78b534f4f2ec6915985b7af9914273f7ca2a4fa4
SHA256

52ec194043a7fe89941369ffc127acdb67cb09deffba7fff5442ce337458010d
SHA512

6372988d5b048291bcfac2434de94b65d5d44f36bff9298b266124a70b9e7457bad5504e7638b2e14d152b7a8ae1e2f5c679214e5f71d3a3f70e33672c85aeb6
SSDEEP

12288:Uy90S2L2TppQAI28QvS8VGo6HhfrxN8TEFCqI/9dub14wACNO0oITEG:UyFp6A584FGo6HhrMQIJ/9Ib1Z3oIYG

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  52ec194043a7fe89941369ffc127acdb67cb09deffba7fff5442ce337458010d
- Size
  
  748KB
- MD5
  
  fb5caff7470e5da72c3c5d270a4e5b98
- SHA1
  
  78b534f4f2ec6915985b7af9914273f7ca2a4fa4
- SHA256
  
  52ec194043a7fe89941369ffc127acdb67cb09deffba7fff5442ce337458010d
- SHA512
  
  6372988d5b048291bcfac2434de94b65d5d44f36bff9298b266124a70b9e7457bad5504e7638b2e14d152b7a8ae1e2f5c679214e5f71d3a3f70e33672c85aeb6
- SSDEEP
  
  12288:Uy90S2L2TppQAI28QvS8VGo6HhfrxN8TEFCqI/9dub14wACNO0oITEG:UyFp6A584FGo6HhrMQIJ/9Ib1Z3oIYG
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan